Ensure the --anonymous-auth argument is set to False

Error: The --anonymous-auth argument is not set to False

Bridgecrew Policy ID: BC_K8S_95
Checkov Check ID: CKV_K8S_138
Severity: MEDIUM


Description

Disable anonymous requests to the Kubelet server. When anonymous authentication is enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests and are served by the Kubelet server. Rely on authentication to authorize access, and disallow anonymous requests.

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kubelet
    tier: control-plane
  name: kubelet
  namespace: kube-system
spec:
  containers:
  - command:
+    - kubelet
+    - --anonymous-auth=false
    image: gcr.io/google_containers/kubelet-amd64:v1.6.0
    ...
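
The check described above, sketched over already-parsed Pod manifests. This is an added example, not Checkov's implementation of CKV_K8S_138; the container names and sample manifests are constructed, and a container is assumed to run the kubelet when `kubelet` appears in its command or args.

```python
# Added example; not Checkov's implementation of CKV_K8S_138.
# Values Go's strconv.ParseBool reads as false (how a boolean flag value is parsed).
FALSE_VALUES = {"0", "f", "F", "false", "FALSE", "False"}

def kubelet_argv(container):
    """Return command + args if the container runs kubelet, else None."""
    argv = list(container.get("command") or []) + list(container.get("args") or [])
    if any(tok == "kubelet" or tok.endswith("/kubelet") for tok in argv):
        return argv
    return None

def anonymous_auth_disabled(argv):
    """True only when the effective --anonymous-auth value is false."""
    disabled = False  # flag absent: the kubelet flag defaults to true
    for tok in argv:
        name, eq, value = tok.partition("=")
        if name == "--anonymous-auth":
            # A bare "--anonymous-auth", or one followed by a separate "false"
            # token, does not set the value to false. The last occurrence wins.
            disabled = bool(eq) and value in FALSE_VALUES
    return disabled

def failing_containers(pod):
    """Names of kubelet containers in a Pod manifest that accept anonymous requests."""
    failing = []
    for c in pod.get("spec", {}).get("containers") or []:
        argv = kubelet_argv(c)
        if argv is not None and not anonymous_auth_disabled(argv):
            failing.append(c.get("name", "<unnamed>"))
    return failing

def pod(*containers):
    """Build a minimal constructed Pod manifest (as parsed from YAML)."""
    return {"apiVersion": "v1", "kind": "Pod", "spec": {"containers": list(containers)}}

# Constructed sample containers; names are hypothetical.
FIXED = {"name": "fixed", "command": ["kubelet", "--anonymous-auth=false"]}
MISSING = {"name": "missing", "command": ["kubelet"]}
SPLIT = {"name": "split", "command": ["kubelet"], "args": ["--anonymous-auth", "false"]}
OVERRIDE = {"name": "override",
            "command": ["kubelet", "--anonymous-auth=false", "--anonymous-auth=true"]}
OTHER = {"name": "other", "command": ["nginx"]}

if __name__ == "__main__":
    print(failing_containers(pod(FIXED, MISSING, SPLIT, OVERRIDE, OTHER)))
```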
